Supply chain cybersecurity risks are on the rise as threats from cybercrime targeting operational technology (OT) are increasing. While many organizations have strengthened their IT defenses—such as email protection, data safeguards, and anti-phishing measures—the most significant vulnerabilities now lie in the very tools that keep supply chains moving: industrial control systems, IoT devices, and robotics.
And the bad actors know it.
Recent APQC research reveals a troubling trend: fewer supply chain professionals are prioritizing cybersecurity in 2025 compared to last year, despite a surge in OT-targeted attacks. Strategic cargo theft, for example, has skyrocketed—up 1,475% in just two years. These crimes don’t require breaking into warehouses; they’re executed remotely through identity theft and social engineering.
So why the disconnect?
One reason is spending. At the median, organizations allocate just 0.5% of their revenue to cybersecurity. For a company with $2 billion in revenue, that’s $10 million—barely a drop compared to the nearly $1 billion spent on manufacturing. And while outsourcing cybersecurity can help, it’s not a silver bullet. Only 25% of OT security processes are outsourced, and even those are vulnerable, as high-profile breaches have shown.
Perhaps most concerning is the lack of planning. APQC found that nearly a third of organizations aren’t considering robust OT endpoint security, and a quarter have no incident response plan. Only 2% have optimized OT security measures in place. That’s not just risky—it’s unsustainable.
Cybercrime isn’t slowing down. From lone hackers to nation-state actors, the threat landscape is evolving fast. Organizations that fail to act now risk massive disruptions, financial losses, and reputational damage.
Supply Chain Cybersecurity Check List
- Assess your OT vulnerabilities to understand your risk profile.
- Invest in robust endpoint security measures.
- Develop a comprehensive incident response plan.
- Use APQC’s benchmarking tools and member resources to compare your practices with peers and identify gaps.
Remember: Cybersecurity is not just an IT issue—it’s a supply chain imperative.
Learn more in APQC’s Supply Chains are on a Collision Course with Cyber Crime.